IssueDescription: It was found that the get and log methods of the AgentController wrote log messages without sanitizing user input. A remote attacker could use this flaw to insert arbitrary content into the log files written to by AgentController. Acknowledgement: This issue was discovered by Jan Rusnacko of Red Hat Product Security.
Jan Rusnacko was able to execute this without authentication, updated CVSS2 score.
This issue has been addressed in following products: CloudForms Management Engine 5.x Via RHSA-2014:1037 https://rhn.redhat.com/errata/RHSA-2014-1037.html